. */ namespace SP\Providers\Auth; use DI\Container; use SP\Config\ConfigData; use SP\DataModel\UserLoginData; use SP\Providers\Auth\Browser\Browser; use SP\Providers\Auth\Browser\BrowserAuthData; use SP\Providers\Auth\Database\Database; use SP\Providers\Auth\Database\DatabaseAuthData; use SP\Providers\Auth\Ldap\LdapAuthData; use SP\Providers\Auth\Ldap\LdapMsAds; use SP\Providers\Auth\Ldap\LdapParams; use SP\Providers\Auth\Ldap\LdapStd; use SP\Providers\Provider; use SP\Services\Auth\AuthException; defined('APP_ROOT') || die(); /** * Class Auth * * Esta clase es la encargada de realizar la autentificación de usuarios de sysPass. * * @package SP\Providers\Auth */ final class AuthProvider extends Provider { /** * @var array */ protected $auths = []; /** * @var UserLoginData */ protected $userLoginData; /** * @var ConfigData */ protected $configData; /** * @var Browser */ protected $browser; /** * @var Database */ protected $database; /** * Probar los métodos de autentificación * * @param UserLoginData $userLoginData * * @return false|AuthResult[] */ public function doAuth(UserLoginData $userLoginData) { $this->userLoginData = $userLoginData; $auths = []; foreach ($this->auths as $authType) { /** @var AuthDataBase $authDataBase */ $authDataBase = $this->$authType(); if ($authDataBase !== false) { $auths[] = new AuthResult($authType, $authDataBase); } } return count($auths) > 0 ? $auths : false; } /** * Autentificación de usuarios con LDAP. * * @return bool|LdapAuthData */ public function authLdap() { $ldapParams = (new LdapParams()) ->setServer($this->configData->getLdapServer()) ->setBindDn($this->configData->getLdapBindUser()) ->setBindPass($this->configData->getLdapBindPass()) ->setSearchBase($this->configData->getLdapBase()) ->setAds($this->configData->isLdapAds()); if ($this->configData->isLdapAds()) { $ldap = new LdapMsAds($ldapParams, $this->eventDispatcher, $this->configData->isDebug()); } else { $ldap = new LdapStd($ldapParams, $this->eventDispatcher, $this->configData->isDebug()); } $ldapAuthData = $ldap->getLdapAuthData(); if (!$ldap->authenticate($this->userLoginData)) { return $ldapAuthData->getAuthenticated() === true ? $ldapAuthData : false; } // Comprobamos si la cuenta está bloqueada o expirada if ($ldapAuthData->getExpire() > 0) { $ldapAuthData->setStatusCode(701); } elseif (!$ldapAuthData->isInGroup()) { $ldapAuthData->setStatusCode(702); } $ldapAuthData->setAuthenticated(true); return $ldapAuthData; } /** * Autentificación de usuarios con base de datos * * Esta función comprueba la clave del usuario. Si el usuario necesita ser migrado, * se ejecuta el proceso para actualizar la clave. * * @return DatabaseAuthData * @throws \Psr\Container\ContainerExceptionInterface * @throws \Psr\Container\NotFoundExceptionInterface */ public function authDatabase() { return $this->database->authenticate($this->userLoginData); } /** * Autentificación de usuario con credenciales del navegador * * @return BrowserAuthData */ public function authBrowser() { return $this->browser->authenticate($this->userLoginData); } /** * Auth constructor. * * @param Container $dic * * @throws AuthException * @throws \DI\DependencyException * @throws \DI\NotFoundException */ protected function initialize(Container $dic) { $this->configData = $this->config->getConfigData(); if ($this->configData->isAuthBasicEnabled()) { $this->registerAuth('authBrowser'); $this->browser = $dic->get(Browser::class); } if ($this->configData->isLdapEnabled()) { $this->registerAuth('authLdap'); } $this->registerAuth('authDatabase'); $this->database = $dic->get(Database::class); } /** * Registrar un método de autentificación primarios * * @param string $auth Función de autentificación * * @throws AuthException */ protected function registerAuth($auth) { if (!method_exists($this, $auth)) { throw new AuthException(__u('Método no disponible'), AuthException::ERROR, __FUNCTION__); } if (array_key_exists($auth, $this->auths)) { throw new AuthException(__u('Método ya inicializado'), AuthException::ERROR, __FUNCTION__); } $this->auths[$auth] = $auth; } }